GCVE - cpe:2.3:a:altran:picotcp-ng:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:altran:picotcp-ng:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Altran (`d19dd489-1c53-511b-bba7-fbd6ee95b987`)
Product	Picotcp Ng (`ef342890-2640-5d67-9074-e872e7bddb48`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/virtualsquare/picotcp`	purl2cpe	2026-06-01 10:13:06.988235

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-24341`	vulnerable	2026-06-08 05:22:32.817247	Details available An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually causing Denial-of-Service or an information leak. Published: 2020-12-11T22:55:33.000Z Updated: 2024-08-04T15:12:08.661Z Open on db.gcve.eu Reference links https://www.kb.cert.org/vuls/id/815128 https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-24340`	vulnerable	2026-06-08 05:22:32.816647	Details available An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in the packet, leading to an out-of-bounds read, invalid pointer dereference, and Denial-of-Service. Published: 2020-12-11T22:54:39.000Z Updated: 2024-08-04T15:12:08.648Z Open on db.gcve.eu Reference links https://www.kb.cert.org/vuls/id/815128 https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-24339`	vulnerable	2026-06-08 05:22:32.815964	Details available An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds reads that lead to Denial-of-Service. Published: 2020-12-11T22:53:55.000Z Updated: 2024-08-04T15:12:08.716Z Open on db.gcve.eu Reference links https://www.kb.cert.org/vuls/id/815128 https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-24337`	vulnerable	2026-06-08 05:22:32.814981	Details available An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcp_parse_options() in pico_tcp.c. Published: 2020-12-11T22:44:00.000Z Updated: 2024-08-04T15:12:08.689Z Open on db.gcve.eu Reference links https://www.kb.cert.org/vuls/id/815128 https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.